Bradley L. Hardman
UMUC
What does the word policy mean to you? This study gives a clear definition of the word and of what it means to the company. Once that is defined, the next topics will be regulations and laws. Those three will cover the legal environment and lead into a look at the impact the legal environment has on an organization. The final area to address is the confidentiality, integrity, and availability of information.

To begin with, the definition of policy for our purposes comes in two parts. The first part is the definition of policy as it applies to the government, be it federal, state, or local. According to the website dictionary.com, a policy is a course of action adopted and pursued by a government, ruler, political party, etc. (dictionary.com, 2012). This definition is fairly straightforward and should not need any clarification. The second part of the definition is organizational policies, which are simply a specific course of action adopted for the sake of expediency, facility, or other purpose. This can be just so the organization that developed the policy can achieve a goal or an objective. Policies are a necessary and critical part of any organization. They define the procedures and the set of rules that employees or members are expected to abide by.

Here is another definition, from the SANS Institute: "A policy is typically a document that outlines specific requirements or rules that must be met. In the information/network security realm, policies are usually point-specific, covering a single area. For example, an "Acceptable Use" policy would cover the rules and regulations for appropriate use of the computing facilities" (sans.org, 2012). The site goes on to point out that sometimes a standard or guideline is used instead of the word policy.

Now that policy is defined, the next topic will be the governing regulations and laws. Laws and